From da240734f180b49075a62041fa41ae4f46332623 Mon Sep 17 00:00:00 2001 From: Isaac Date: Wed, 20 Aug 2025 20:59:00 +0000 Subject: [PATCH 1/2] fix: do not allow spec update on mtpnc, pn and pni Signed-off-by: GitHub --- crd/multitenancy/api/v1alpha1/multitenantpodnetworkconfig.go | 1 + crd/multitenancy/api/v1alpha1/podnetwork.go | 1 + crd/multitenancy/api/v1alpha1/podnetworkinstance.go | 1 + ...ultitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml | 3 +++ .../multitenancy.acn.azure.com_podnetworkinstances.yaml | 3 +++ .../manifests/multitenancy.acn.azure.com_podnetworks.yaml | 3 +++ 6 files changed, 12 insertions(+) diff --git a/crd/multitenancy/api/v1alpha1/multitenantpodnetworkconfig.go b/crd/multitenancy/api/v1alpha1/multitenantpodnetworkconfig.go index dba7fdd117..715d22d028 100644 --- a/crd/multitenancy/api/v1alpha1/multitenantpodnetworkconfig.go +++ b/crd/multitenancy/api/v1alpha1/multitenantpodnetworkconfig.go @@ -37,6 +37,7 @@ type MultitenantPodNetworkConfigList struct { } // MultitenantPodNetworkConfigSpec defines the desired state of PodNetworkConfig +// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="spec is immutable after creation" type MultitenantPodNetworkConfigSpec struct { // name of PNI object from requesting cx pod // +kubebuilder:validation:Optional diff --git a/crd/multitenancy/api/v1alpha1/podnetwork.go b/crd/multitenancy/api/v1alpha1/podnetwork.go index 4f21ccbe07..eaca4b65fd 100644 --- a/crd/multitenancy/api/v1alpha1/podnetwork.go +++ b/crd/multitenancy/api/v1alpha1/podnetwork.go @@ -46,6 +46,7 @@ const ( ) // PodNetworkSpec defines the desired state of PodNetwork +// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="spec is immutable after creation" type PodNetworkSpec struct { // NetworkID is the identifier for the network, e.g. vnet guid or IB network ID // +kubebuilder:validation:Optional diff --git a/crd/multitenancy/api/v1alpha1/podnetworkinstance.go b/crd/multitenancy/api/v1alpha1/podnetworkinstance.go index 0437bee57f..03c7382ed1 100644 --- a/crd/multitenancy/api/v1alpha1/podnetworkinstance.go +++ b/crd/multitenancy/api/v1alpha1/podnetworkinstance.go @@ -45,6 +45,7 @@ type PodNetworkConfig struct { } // PodNetworkInstanceSpec defines the desired state of PodNetworkInstance +// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="spec is immutable after creation" type PodNetworkInstanceSpec struct { // Deprecated - use PodNetworks // +kubebuilder:validation:Optional diff --git a/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml b/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml index 9390424b82..be65733175 100644 --- a/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml +++ b/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml @@ -68,6 +68,9 @@ spec: required: - podNetwork type: object + x-kubernetes-validations: + - message: spec is immutable after creation + rule: self == oldSelf status: description: MultitenantPodNetworkConfigStatus defines the observed state of PodNetworkConfig diff --git a/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml b/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml index 8dbbbe127f..4980ed0d50 100644 --- a/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml +++ b/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml @@ -86,6 +86,9 @@ spec: description: Deprecated - use PodNetworks type: string type: object + x-kubernetes-validations: + - message: spec is immutable after creation + rule: self == oldSelf status: description: PodNetworkInstanceStatus defines the observed state of PodNetworkInstance properties: diff --git a/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworks.yaml b/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworks.yaml index f7aa88bbd9..046771236f 100644 --- a/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworks.yaml +++ b/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworks.yaml @@ -87,6 +87,9 @@ spec: description: Deprecated - Use NetworkID type: string type: object + x-kubernetes-validations: + - message: spec is immutable after creation + rule: self == oldSelf status: description: PodNetworkStatus defines the observed state of PodNetwork properties: From 4af933e77f28d28915efd57b1cfd98e6ac300182 Mon Sep 17 00:00:00 2001 From: Isaac Date: Thu, 21 Aug 2025 19:29:52 +0000 Subject: [PATCH 2/2] revert: pn, pni validation rule Signed-off-by: GitHub --- crd/multitenancy/api/v1alpha1/podnetwork.go | 1 - crd/multitenancy/api/v1alpha1/podnetworkinstance.go | 1 - .../multitenancy.acn.azure.com_podnetworkinstances.yaml | 3 --- .../manifests/multitenancy.acn.azure.com_podnetworks.yaml | 3 --- 4 files changed, 8 deletions(-) diff --git a/crd/multitenancy/api/v1alpha1/podnetwork.go b/crd/multitenancy/api/v1alpha1/podnetwork.go index eaca4b65fd..4f21ccbe07 100644 --- a/crd/multitenancy/api/v1alpha1/podnetwork.go +++ b/crd/multitenancy/api/v1alpha1/podnetwork.go @@ -46,7 +46,6 @@ const ( ) // PodNetworkSpec defines the desired state of PodNetwork -// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="spec is immutable after creation" type PodNetworkSpec struct { // NetworkID is the identifier for the network, e.g. vnet guid or IB network ID // +kubebuilder:validation:Optional diff --git a/crd/multitenancy/api/v1alpha1/podnetworkinstance.go b/crd/multitenancy/api/v1alpha1/podnetworkinstance.go index 03c7382ed1..0437bee57f 100644 --- a/crd/multitenancy/api/v1alpha1/podnetworkinstance.go +++ b/crd/multitenancy/api/v1alpha1/podnetworkinstance.go @@ -45,7 +45,6 @@ type PodNetworkConfig struct { } // PodNetworkInstanceSpec defines the desired state of PodNetworkInstance -// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="spec is immutable after creation" type PodNetworkInstanceSpec struct { // Deprecated - use PodNetworks // +kubebuilder:validation:Optional diff --git a/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml b/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml index 4980ed0d50..8dbbbe127f 100644 --- a/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml +++ b/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml @@ -86,9 +86,6 @@ spec: description: Deprecated - use PodNetworks type: string type: object - x-kubernetes-validations: - - message: spec is immutable after creation - rule: self == oldSelf status: description: PodNetworkInstanceStatus defines the observed state of PodNetworkInstance properties: diff --git a/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworks.yaml b/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworks.yaml index 046771236f..f7aa88bbd9 100644 --- a/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworks.yaml +++ b/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworks.yaml @@ -87,9 +87,6 @@ spec: description: Deprecated - Use NetworkID type: string type: object - x-kubernetes-validations: - - message: spec is immutable after creation - rule: self == oldSelf status: description: PodNetworkStatus defines the observed state of PodNetwork properties: